Topic: [security] z-wave replay attack (Read 3432 times)

Hi guys, I was giving a LinuxMCE talk at the annual Croatian Linux Users Conference and was asked one Z-Wave security related question: how secure is Z-Wave, and if it is not encrypted, is it possible to carry out a replay attack?

AFAIK the current generation of Z-Wave devices doesn't encrypt data, and the security model is similar to Bluetooth: key exchange happens during device pairing or when joining new devices to an existing network, right? From what I have seen, the new generation of Z-Wave chips will soon have encryption out of the box.

So if Z-Wave traffic is not encrypted, is there any other security or protection mechanism in place to prevent Z-Wave replay attacks, or not?

Is it possible, and how would somebody malicious carry out a Z-Wave replay attack? Is it enough to watch the Z-Wave traffic, spot when some command is sent, record it and replay it whenever you wish?

That way somebody could take control over any devices you have that use Z-Wave...

Yes, a replay attack is feasible. Another option would be to sniff the ID of the network and program a controller to use the same one (e.g. with the SDK/sniffer). But hey, we are talking about light control and such...
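
To make the replay question above concrete, here is an added example that is not part of this thread and not code from any Z-Wave stack. It models a simplified unauthenticated command frame, where a recorded frame is accepted again verbatim, next to a frame bound to a receiver-issued one-time nonce and a MAC, which is the general principle by which a secured command channel defeats replay. The home id, node ids, network key, command bytes and the use of HMAC-SHA256 as the MAC are all constructed stand-ins for illustration, not Z-Wave's actual frame format, key or cipher.

```python
import hashlib
import hmac
import os

# Constructed sample values for the demonstration; not real Z-Wave identifiers.
HOME_ID = b"\xC0\xFF\xEE\x01"      # hypothetical 4-byte network id
NONCE_LEN = 8
TAG_LEN = 16


def plain_frame(src, dst, payload):
    """Unauthenticated frame: home id, source, destination, command bytes."""
    return HOME_ID + bytes([src, dst]) + payload


class PlainNode:
    """A node that executes any well-formed frame addressed to it."""

    def __init__(self, node_id):
        self.node_id = node_id
        self.executed = []

    def receive(self, frame):
        if len(frame) < 7 or frame[:4] != HOME_ID or frame[5] != self.node_id:
            return False
        self.executed.append(frame[6:])   # nothing ties the frame to "now"
        return True


def mac(key, data):
    # Stand-in for a real protocol MAC: HMAC-SHA256 truncated to 16 bytes.
    return hmac.new(key, data, hashlib.sha256).digest()[:TAG_LEN]


def secured_frame(key, src, dst, payload, nonce):
    """Frame whose MAC covers the command and a receiver-issued one-time nonce."""
    body = HOME_ID + bytes([src, dst]) + payload + nonce
    return body + mac(key, body)


class SecureNode:
    """A node that only executes frames bound to a nonce it issued and has not yet used."""

    def __init__(self, node_id, key):
        self.node_id = node_id
        self.key = key
        self.outstanding = set()
        self.executed = []

    def issue_nonce(self):
        nonce = os.urandom(NONCE_LEN)
        self.outstanding.add(nonce)
        return nonce

    def receive(self, frame):
        if len(frame) < 7 + NONCE_LEN + TAG_LEN:
            return False
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        if body[:4] != HOME_ID or body[5] != self.node_id:
            return False
        if not hmac.compare_digest(tag, mac(self.key, body)):
            return False                      # forged or tampered
        nonce = body[-NONCE_LEN:]
        if nonce not in self.outstanding:
            return False                      # replayed, or nonce never issued
        self.outstanding.discard(nonce)       # consume it: a second copy is rejected
        self.executed.append(body[6:-NONCE_LEN])
        return True


def replay_demo():
    """Return (plain_replay_accepted, secure_replay_accepted)."""
    switch_on = b"\x25\x01\xff"   # constructed "switch on" command bytes

    # Unsecured network: the attacker records one frame and resends it later.
    lamp = PlainNode(node_id=5)
    captured = plain_frame(1, 5, switch_on)
    lamp.receive(captured)                    # legitimate controller
    plain_replayed = lamp.receive(captured)   # attacker replays the recording

    # Nonce-bound network: the same recording fails the second time.
    key = bytes(range(16))                    # hypothetical key agreed at pairing
    secure_lamp = SecureNode(node_id=5, key=key)
    nonce = secure_lamp.issue_nonce()         # controller asks, lamp answers with a nonce
    captured = secured_frame(key, 1, 5, switch_on, nonce)
    secure_lamp.receive(captured)
    secure_replayed = secure_lamp.receive(captured)

    return plain_replayed, secure_replayed


if __name__ == "__main__":
    print(replay_demo())
```

The point of the nonce is freshness: without the key the attacker cannot produce a valid MAC for a new nonce, and with the old recording the nonce has already been consumed, so knowing the network id and the command bytes is no longer enough.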


It is never nice to underestimate what can be done; I would prefer to have all Z-Wave devices with encrypted data transmission. It would probably not cost much more but would give peace of mind.

If somebody invests this amount of energy to mess with your HA setup, you have probably set him up enough that he just takes an easier route to get you into trouble...

So I agree that it is necessary to think about attack vectors, but paranoia does not help any further. As possy said, if you need higher security (for whatever reason) use e.g. KNX, but then better make sure that the bus cable is not accessible from the outside (e.g. in the garden between buildings, ...)

I agree, a wired closed loop is the best thing for HA security. Has anybody paid attention to the new Z-Wave chips and their claim to have built-in encryption? Will the new gear be backward compatible, or will we need to have all new Z-Wave devices that support encryption?